1#! /bin/sh -x
2#
3# sample script on using the ingress capabilities
4# This script fwmark tags(IPchains) based on metering on the ingress
5# interface the result is used for fast classification and re-marking
6# on the egress interface
7# This is an example of a color blind mode marker with no PIR configured
8# based on draft-wahjak-mcm-00.txt (section 3.1)
9#
10#path to various utilities;
11#change to reflect yours.
12#
13IPROUTE=/root/DS-6-beta/iproute2-990530-dsing
14TC=$IPROUTE/tc/tc
15IP=$IPROUTE/ip/ip
16IPCHAINS=/root/DS-6-beta/ipchains-1.3.9/ipchains
17INDEV=eth2
18EGDEV="dev eth1"
19CIR1=1500kbit
20CIR2=1000kbit
21
22#The CBS is about 60 MTU sized packets
23CBS1=90k
24CBS2=90k
25
26meter1="police rate $CIR1 burst $CBS1 "
27meter2="police rate $CIR1 burst $CBS2 "
28meter3="police rate $CIR2 burst $CBS1 "
29meter4="police rate $CIR2 burst $CBS2 "
30meter5="police rate $CIR2 burst $CBS2 "
31#
32# tag the rest of incoming packets from subnet 10.2.0.0/24 to fw value 1
33# tag all incoming packets from any other subnet to fw tag 2
34############################################################
35$IPCHAINS -A input -i $INDEV -s 0/0 -m 2
36$IPCHAINS -A input -i $INDEV -s 10.2.0.0/24 -m 1
37#
38############################################################
39# install the ingress qdisc on the ingress interface
40$TC qdisc add dev $INDEV handle ffff: ingress
41#
42############################################################
43
44# All packets are marked with a tcindex value which is used on the egress
45# tcindex 1 maps to AF41, 2->AF42, 3->AF43, 4->BE
46#
47############################################################
48#
49# anything with fw tag of 1 is passed on with a tcindex value 1
50#if it doesnt exceed its allocated rate (CIR/CBS)
51#
52$TC filter add dev $INDEV parent ffff: protocol ip prio 4 handle 1 fw \
53$meter1 \
54continue flowid 4:1
55#
56# if it exceeds the above but not the extra rate/burst below, it gets a
57#tcindex value  of 2
58#
59$TC filter add dev $INDEV parent ffff: protocol ip prio 5 handle 1 fw \
60$meter2 \
61continue flowid 4:2
62#
63# if it exceeds the above but not the rule below, it gets a tcindex value
64# of 3
65#
66$TC filter add dev $INDEV parent ffff: protocol ip prio 6 handle 1 fw \
67$meter3 \
68drop flowid 4:3
69#
70# Anything else (not from the subnet 10.2.0.24/24) gets discarded if it
71# exceeds 1Mbps and by default goes to BE if it doesnt
72#
73$TC filter add dev $INDEV parent ffff: protocol ip prio 6 handle 2 fw \
74$meter5 \
75drop flowid 4:4
76
77
78######################## Egress side ########################
79
80
81# attach a dsmarker
82#
83$TC qdisc add $EGDEV handle 1:0 root dsmark indices 64
84#
85# values of the DSCP to change depending on the class
86#note that the ECN bits are masked out
87#
88#AF41 (0x88 is 0x22 shifted to the right by two bits)
89#
90$TC class change $EGDEV classid 1:1 dsmark mask 0x3 \
91       value 0x88
92#AF42
93$TC class change $EGDEV classid 1:2 dsmark mask 0x3 \
94       value 0x90
95#AF43
96$TC class change $EGDEV classid 1:3 dsmark mask 0x3 \
97       value 0x98
98#BE
99$TC class change $EGDEV classid 1:4 dsmark mask 0x3 \
100       value 0x0
101#
102#
103# The class mapping (using tcindex; could easily have
104# replaced it with the fw classifier instead)
105#
106$TC filter add $EGDEV parent 1:0 protocol ip prio 1 \
107          handle 1 tcindex classid 1:1
108$TC filter add $EGDEV parent 1:0 protocol ip prio 1 \
109          handle 2 tcindex  classid 1:2
110$TC filter add $EGDEV parent 1:0 protocol ip prio 1 \
111          handle 3 tcindex  classid 1:3
112$TC filter add $EGDEV parent 1:0 protocol ip prio 1 \
113          handle 4 tcindex  classid 1:4
114#
115
116#
117echo "---- qdisc parameters Ingress  ----------"
118$TC qdisc ls dev $INDEV
119echo "---- Class parameters Ingress  ----------"
120$TC class ls dev $INDEV
121echo "---- filter parameters Ingress ----------"
122$TC filter ls dev $INDEV parent ffff:
123
124echo "---- qdisc parameters Egress  ----------"
125$TC qdisc ls $EGDEV
126echo "---- Class parameters Egress  ----------"
127$TC class ls $EGDEV
128echo "---- filter parameters Egress ----------"
129$TC filter ls $EGDEV parent 1:0
130#
131#deleting the ingress qdisc
132#$TC qdisc del $INDEV ingress
133